linux-stable/net
Mathias Krause 314561f4fe sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
[ Upstream commit 6e601a5356 ]

Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
with a family greater or equal than AF_MAX -- the array size of
sock_diag_handlers[]. The current code does not test for this
condition therefore is vulnerable to an out-of-bound access opening
doors for a privilege escalation.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-02-27 09:21:24 -08:00
..
9p virtio: 9p: correctly pass physical address to userspace for high pages 2013-01-11 09:18:18 -08:00
802 tokenring: delete all remaining driver support 2012-05-15 20:23:16 -04:00
8021q vlan: allow to change type when no vlan device is hooked on netdev 2012-10-18 15:34:30 -04:00
appletalk userns: Print out socket uids in a user namespace aware fashion. 2012-08-14 21:48:06 -07:00
atm net:atm:fix up ENOIOCTLCMD error handling 2012-08-31 16:14:33 -04:00
ax25 userns: Convert net/ax25 to use kuid_t where appropriate 2012-08-14 21:49:42 -07:00
batman-adv batman-adv: fix random jitter calculation 2013-01-11 09:18:51 -08:00
bluetooth Bluetooth: Fix handling of unexpected SMP PDUs 2013-02-14 10:48:00 -08:00
bridge bridge: Pull ip header into skb->data before looking into ip header. 2012-10-10 22:50:45 -04:00
caif caif: move the dereference below the NULL test 2012-09-10 16:13:31 -04:00
can can: bcm: initialize ifindex for timeouts without previous frame reception 2012-11-26 22:33:59 +01:00
ceph rbd: remove linger unconditionally 2013-01-17 08:46:49 -08:00
core sock_diag: Fix out-of-bounds access to sock_diag_handlers[] 2013-02-27 09:21:24 -08:00
dcb netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
dccp inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock 2013-01-11 09:18:52 -08:00
decnet sections: fix section conflicts in net 2012-10-06 03:04:45 +09:00
dns_resolver Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
dsa workqueue: deprecate flush[_delayed]_work_sync() 2012-08-20 14:51:24 -07:00
ethernet ipx: move peII functions 2012-07-19 10:48:00 -07:00
ieee802154 net/ieee802154/6lowpan.c: Remove unecessary semicolon 2012-09-18 16:08:19 -04:00
ipv4 tcp: fix splice() and tcp collapsing interaction 2013-02-14 10:48:36 -08:00
ipv6 ipv6: Add an error handler for icmp6 2013-02-14 10:48:31 -08:00
ipx userns: Print out socket uids in a user namespace aware fashion. 2012-08-14 21:48:06 -07:00
irda irda: irttp: fix memory leak in irttp_open_tsap() error path 2012-11-28 11:25:29 -05:00
iucv net: remove skb_orphan_try() 2012-06-15 15:30:15 -07:00
key net/key/af_key.c: add range checks on ->sadb_x_policy_len 2012-10-01 17:15:06 -04:00
l2tp l2tp: fix oops in l2tp_eth_create() error path 2012-11-02 21:56:35 -04:00
lapb lapb: Neaten debugging 2012-05-17 18:45:20 -04:00
llc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-10-02 11:11:09 -07:00
mac80211 mac80211: fix FT roaming 2013-02-03 18:27:02 -06:00
mac802154 mac802154: fix NOHZ local_softirq_pending 08 warning 2013-01-11 09:18:52 -08:00
netfilter netfilter: xt_CT: fix unset return value if conntrack zone are disabled 2013-02-03 18:27:08 -06:00
netlabel Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
netlink netlink: use kfree_rcu() in netlink_release() 2012-10-18 15:34:30 -04:00
netrom net: change return values from -EACCES to -EPERM 2012-09-21 13:58:08 -04:00
nfc NFC: Fix nfc_llcp_local chained list insertion 2012-11-20 00:09:25 +01:00
openvswitch openvswitch: Store flow key len if ARP opcode is not request or reply. 2012-10-30 17:17:09 -07:00
packet packet: fix leakage of tx_ring memory 2013-02-14 10:48:18 -08:00
phonet netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
rds RDS: fix rds-ping spinlock recursion 2012-10-09 13:57:23 -04:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
rose net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
rxrpc Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
sched net: sched: integer overflow fix 2013-01-11 09:18:52 -08:00
sctp net: sctp: sctp_endpoint_free: zero out secret key data 2013-02-14 10:48:34 -08:00
sunrpc SUNRPC: Ensure we release the socket write lock if the rpc_task exits early 2013-01-17 08:46:08 -08:00
tipc tipc: do not use tasklet_disable before tasklet_kill 2012-11-03 15:10:14 -04:00
unix af_unix: old_cred is surplus 2012-09-17 13:00:13 -04:00
wanrouter wanmain: comparing array with NULL 2012-07-24 13:55:21 -07:00
wimax net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
wireless net, wireless: overwrite default_ethtool_ops 2013-02-14 10:48:02 -08:00
x25 net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
compat.c make get_file() return its argument 2012-09-26 21:10:25 -04:00
Kconfig net: Add INET dependency on aes crypto for the sake of TCP fastopen. 2012-09-04 14:20:14 -04:00
Makefile econet: remove ancient bug ridden protocol 2012-05-18 01:35:08 -04:00
nonet.c
socket.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
sysctl_net.c net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00